Equifax, one of the biggest credit reporting agencies, reported on September 7, 2017, one of the largest data breaches in history which is now impacting half the U.S. population! Equifax reported that criminals “exploited a U.S. website application vulnerability to gain access to certain files.”
The breach includes the compromise of personal information of approximately 143 million individuals, as originally reported; however, as of Oct. 15, CNN reported that there have now been another 2.5 million people breached. The breach includes information including social security numbers, birthdates, credit card numbers and drivers’ licenses.
Now, as to how much liability Equifax will face, nobody really knows just yet. We do know, however, that the Federal Trade Commission (FTC) and many state attorney generals have already started proceedings against Equifax. “The FTC typically does not comment on ongoing investigations,” spokesman Peter Kaplan wrote in an email to Reuters. “However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff are investigating the Equifax data breach.” In addition, almost 40 states have joined an investigation into Equifax’s business practices.
More recently, Equifax’s cybersecurity has come under fire, stating the core of the compromise was due to a vulnerability in Apache’s open-source Struts software. First discovered earlier this year, the vulnerability was patched in March, months before the beginning of the Equifax compromise. Had Equifax patched the software when a fix first became available, the breach could have been averted.
Emptech Entices Lawmakers to Improve Sensitive Data Regulations
Emptech has sent a letter to Congresswoman Waters and Senator Mark Warner, asking for national reporting reform legislation and stricter laws on more timely notifications to the public when data breaches, such as the one with Equifax occur. Currently California only states that a “timely” notification need happen. This, of course, is the equivalent of not saying anything at all, because there is nothing to be enforced here. We at Emptech are pressing federal lawmakers to move swiftly to enact laws that require all states to move to a public announcement within 72 hours regarding any security breach discovery of sensitive, consumer data.
Thus far, I don’t believe lawmakers on both the federal and state level have been strict enough about regulating data firms who hold sensitive consumer data. Right now, states such as: Connecticut, Florida, Maine, New Mexico, Ohio, Rhode Island, Tennessee and Vermont — have mandated deadlines on how fast an organization needs to inform consumers of a breach. And with each passing day we see a changing landscape as our states and nation wrap their hands around rapid needed change.
Sensitive Data Protection as Top Priority
In light of the Equifax breach, let me assure you that the security of our Verifyfast customer data is our top priority.
As Verifyfast is one of our top brands at Emptech, we take seriously the sensitive data of others.
All sensitive portions of this website such as customer logins and account information make use of the Internet standard Secure Sockets Layer (SSL), which securely encrypts information between Verifyfast servers and our customers.
We make extensive use of industry standard best practices when safeguarding information stored on Verifyfast servers, databases, and backups. This includes, but is not limited to: encrypted transmission of any customer data, secure storage of said data, network and host firewalls, intrusion prevention systems, disaster recovery solutions, and much more. Additionally, all Verifyfast servers are housed in secure SSAE 16 and SOC 2 audited facilities and is protected against disasters such as power loss, fires, flooding, and others.
We are committed to continually monitoring the integrity of our data, systems, and networks. We routinely audit our security practices and revise them, adding complementary processes and technologies as needed. We understand the trust you place in us when choosing Verifyfast and want to make sure we earn that trust.
If you would like to discuss anything further in my blog, please feel free to contact me at any time at firstname.lastname@example.org or 800.518.3874.